• SL faces growing threat from pig-butchering cybercrime networks

The Financial Intelligence Unit (FIU) of the Central Bank of Sri Lanka (CBSL) has officially escalated the national money laundering threat level for fraud from medium to medium-high as of January, officials have revealed during a sitting of the Committee on Public Finance (COPF). 

This follows an intensive 18-month study which found that the country’s financial landscape was facing an unprecedented surge in sophisticated international criminal activity.

The FIU warned that international fraudsters were increasingly exploiting Sri Lanka’s porous borders to establish the country as a destination for high-speed criminal operations, particularly through pig-butchering scams and rapid-response cybercrime targeting the economy.

The FIU’s investigation has revealed that international criminal actors are no longer merely targeting Sri Lankans from abroad, but are physically entering the country to utilise local infrastructure for complex fraud schemes. 

Among the most prominent threats identified was pig butchering, a specialised form of long-term fraud involving the digital grooming of victims before stealing significant financial assets. 

Officials said the speed at which such crimes were carried out had become a major concern for regulators, as cyber syndicates could now move illicit funds through multiple financial institutions within extremely short periods, rendering traditional manual tracking methods largely ineffective. 

Given that local resources for tracing these complex international financial movements remain very limited, the FIU increasingly relies on bilateral relationships with international peer organisations, including the Egmont Group of Financial Intelligence Units and the Federal Bureau of Investigation (FBI), to monitor and intercept criminal actors. 

Responding to queries raised by COPF members, FIU officials also highlighted the importance of what they described as the golden hour – the narrow period immediately following a fraudulent transaction. 

Officials explained that if victims identified the fraud and law enforcement authorities were notified within that period, there was a significantly greater chance of freezing and recovering the funds. Once the golden hour lapses, however, the money is typically transferred across multiple institutions, making recovery efforts considerably more difficult.

To address this issue, a collaborative initiative involving the Ministry of Digital Economy and law enforcement agencies is currently underway to establish a dedicated call centre staffed by law enforcement officers. The centre is expected to provide the public with an immediate mechanism to report fraud, allowing authorities to intervene rapidly before illicit funds are moved beyond reach.

The scale of data currently handled by the FIU has also emerged as a significant bottleneck in generating actionable intelligence. Officials revealed that the FIU database now stored over 100 million transactions, a figure that had grown rapidly since 2022. 

The unit captures approximately three million new transactions each month, focusing primarily on Cash Transaction Reports (CTRs) and Electronic Fund Transfers (EFTs) that meet the Rs. 1 million reporting threshold.

Officials further noted that the software currently used to process this data – goAML version 4.9, provided by the United Nations Office on Drugs and Crime (UNODC) – had become cumbersome due to the sheer volume of transactions. As a result, the FIU has obtained board approval and the necessary clearance to upgrade to version 5.6. 

The upgrade, described as a huge jump in capability, is expected to be completed by July and aims to more effectively transform raw transactional data into actionable intelligence for dissemination among law enforcement and other competent authorities.

A major point of concern raised during the COPF session was the FIU’s lack of direct visibility into the LankaPay transactional database. Currently, the FIU operates under a reporting model in which financial institutions are legally required to submit Suspicious Transaction Reports (STRs) within two working days of identifying suspicious activity.

However, COPF members argued that, given the speed at which these fraudsters were taking over systems, a two-day reporting window was insufficient to prevent major financial losses.

While the CBSL has instructed LankaPay to introduce its own centralised fraud management system to monitor transactions and detect threshold-based anomalies across the network, the FIU itself does not currently have real-time access to LankaPay’s data. 

Thus, COPF members urged the CBSL to reconsider this separation, arguing that the FIU required better visibility to detect systemic risks before they resulted in significant capital outflows.